C:\Users\danio\Desktop\discordAIO6\discordAIO6\obj\Release\discordAIO6.pdb
Static task
static1
Behavioral task
behavioral1
Sample
Discord.AIO(1).exe
Resource
win10v2004-20241007-en
General
-
Target
Discord.AIO(1).rar
-
Size
5.5MB
-
MD5
3d588221b2c9781893e7b1ab01dc3fca
-
SHA1
b5b04487b86a3cb53acff6bb28987567460203bf
-
SHA256
0e4eb858a365905513d5a052b94a350f257a968cbb2c33245e18df8f7e36d9e1
-
SHA512
a44d7cb00117c82dcbd797c5c3baabafda957174200cc0a914ff6bd80078816133be874dd12b6c11c6cb7312d1590f015b4231714b0cbd411b8e923ef97f18d1
-
SSDEEP
98304:ln8/RJ25ew2yquO6/6mC1POC/vKfu+QQLUqnsjJcTIRUKKnI6tw0/lO8jraVv2pe:lnGIj2juO6/671POeEuNQQGcJcSK520K
Malware Config
Signatures
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
resource yara_rule static1/unpack001/Discord.AIO(1).exe disable_win_def -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Discord.AIO(1).exe
Files
-
Discord.AIO(1).rar.rar
Password: says
-
Discord.AIO(1).exe.exe windows:4 windows x86 arch:x86
Password: says
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 6.3MB - Virtual size: 6.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ